From 0fcc28c303a9f3abfa8c85eb9f0a29039aa98df3 Mon Sep 17 00:00:00 2001
From: Alex Rudyy <orudyy@apache.org>
Date: Tue, 10 Mar 2015 22:26:16 +0000
Subject: QPID-6436: Allow user to update its own preferences without explicit
 permissions

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1665731 13f79535-47bb-0310-9956-ffa450edef68
---
 .../main/java/org/apache/qpid/server/security/SecurityManager.java | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'qpid/java')

diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
index 922d64e6ee..754f6074e3 100755
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
@@ -532,6 +532,13 @@ public class SecurityManager
 
     public void authoriseUserUpdate(final String userName)
     {
+        AuthenticatedPrincipal principal = getCurrentUser();
+        if (principal != null && principal.getName().equals(userName))
+        {
+            // allow user to update its own data
+            return;
+        }
+
         final Operation operation = Operation.UPDATE;
         if(! checkAllPlugins(new AccessCheck()
         {
-- 
cgit v1.2.1